Microsoft has warned about an ongoing, sophisticated cyber-attack believed to be from the same Russian-related hackers behind the SolarWinds hack.
She said: The attack appears to be targeting government agencies, think tanks, consultants and non-governmental organizations.
Microsoft believes that about 3,000 email accounts were targeted across 150 organizations. The victims are spread in more than 24 countries, but the majority are in the United States.
Hackers from a group called Nobelium managed to hack the USAID account via a marketing service called Constant Contact.
This allowed them to send real-looking phishing emails.
The Microsoft blog post contains a screenshot of one of these emails, which it claims contains a link to documents on election fraud from Donald Trump.
Clicked on the link installs a backdoor that allows attackers to steal data or infect other computers over the same network.
A spokesperson for Constant Contact said in a statement: “We are aware that one of our customers’ account data has been compromised and used by a malicious actor to gain access to the customer’s Constant Contact accounts.”
He added: “This is an isolated incident, and we have temporarily disabled the affected accounts while working with our client working with law enforcement agencies.”
Microsoft says it believes many attacks are blocked automatically, and that Windows Defender antivirus software also limits the spread of malware.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency acknowledged Microsoft’s blogging and encouraged officials to implement the necessary mitigation measures.
These malicious emails are a warning that cyber-attacks against US organizations show no signs of abating.
It also shows that hackers are updating their methods in response to previous attacks that have become public.
Microsoft is calling for new international standards governing the behavior of nation states in cyberspace along with expectations of the consequences of breaking them.
The US government has blamed Russia’s foreign intelligence service, SVR, for the SolarWinds hack.
Russian President Vladimir Putin denied Russia’s involvement in the incident.
The attack is believed to have hacked about 100 private companies and nine federal agencies.
Also, up to 18,000 SolarWinds customers are believed to have been exposed to the malicious code.
In response, President Biden announced new sanctions against Russia and moved to expel 10 Russian diplomats from Washington.